Domain: rapidssl.com
Stories and comments across the archive that link to rapidssl.com.
Comments · 12
-
Re:Two reasons for SSL
> I purchased a five-year certificate from
> rapidssl.com for $60 a few years ago....
> The cost is minimal.It's not just a cost issue, it's the principle.
You bought a "five-year" certificate. Why does it expire in five years? Does it spoil like milk? Do the bits wear with repeated use? No, it's a scam. RapidSSL don't have do do a single thing after generating the cert other than awaiting your next payment.
According to:
http://www.rapidssl.com/buy-ssl/index.html
they will sell us a "wildcard" cert for the low-low price of $796 for five years. So I correct myself; it's the cost AND the principle.
-
Re:Slashdotted
In other words, you're telling me that it's worse -- even VeriSign doesn't know how to use SSL properly. You'd think, if you were downloading a new certificate, that you'd get it via SSL?
Encryption of the certificate is not the problem... the problem is el-cheapo "domain-validated" certification authorities whose only "proof of domain ownership" is your ability to receive email at root@yourtarget.com and a phone number (any phone number will do). If you can spoof DNS so that this email really goes to your computer, and if you know where to buy a prepaid mobile plan, you can get a "valid" certificate for yourtarget.com
.It's a little bit like identity theft: rather than emptying your existing account, the perp just sets up a new account in your name...
-
Re:Slashdotted
dangers of e-mail being delivered to the wrong host
If you can cause the bank's email being delivered to your own server, you can get an RapidSSL certificate for the bank delivered to you, so as to avoid those pesky "bad certificate" warnings that would otherwise pop up on your mark's computer if they visited your phishing site or password-logging proxy. Technically, this is a "domain-validated" certificate, and an astute surfer could still tell the difference (it doesn't have the name of the organization in), but who manually doublechecks certificates that your browser accepted?
So, indirectly, e-mail is still relevant.
-
Re:What Are You Getting?
http://www.namecheap.com/ / http://www.rapidssl.com/
They're just the same as your expensive SSL certs, but just come from a company with a name less 'known' [but never revealed to the users..], as opposed to Thwarte.
-
RapidSSL is VeriSign
-
Re:https isn't free as in beer
Simple-SSL is only $35 for two years. Unfortunately at that price it looks like they can't afford to keep their DNS servers online, so the site appears to be down at the moment, but I've had good luck with them in the past. It's a valid cert, no chained root crap, works in all modern browsers (not in Netscape 4 or IE5 or possibly a few other things), works for HTTPS and POP3S/IMAPS and SMTP with TLS.
For testing purposes, you can also try FreeSSL which is only valid for one month. Interestingly, you won't find this mentioned on their site but although it works fine for HTTPS (same browser support as above), it is not valid for e-mail. -
Re:FTFA...
Except it's not being inserted into the website itself, the page is being modified en-route to the client.
Read up on ARP spoofing...[SNIP]
Which is why SSL should be more commonly used. Seriously - an SSL cert costs less than a hundred bux/year, or less than two hundred bux per year for one that allows wildcard subdomains and completely defeats this, and loads of other attacks. (No, I'm not affiliated with RapidSSL, but I am a happy customer)
The nice thing about wildcard SSL is that it effectively allows you to host multiple sites under a single IP address and port. Simply use subdomains of your root domain, and use Apache's VirtualHost directive!
Or, we could take it one step further and actually USE dnssec - but that might be asking a bit too much...
This attack is old. Technology to prevent it is well known and mature. Why are we still doing this? -
Best deal I've foundStart with FreeSSL, a real cert that's valid for one month for free.
Then move on to Simple-SSL.com, $35 for two years or $44 for three years. Both certs are from RapidSSL.com (aka GeoTrust, but I've never seen spam from them), so they work in all the browsers most people care about, but Simple-SSL.com is much cheaper than RapidSSL.com even though it's exactly the same product."RapidSSL.com certificates are compatible with IE 5.01+, Netscape 4.7+, Mozilla 1+, AOL 5+, Firefox, Safari and many newer Windows and Mac based browsers and are single root install certificates (they do not use chaining technology), meaning that they are compatible with SSLv2 and SSLv3."
By the way, if anyone knows how to add additional certificates to a Motorola v551 mobile phone, please let me know... -
Best deal I've foundStart with FreeSSL, a real cert that's valid for one month for free.
Then move on to Simple-SSL.com, $35 for two years or $44 for three years. Both certs are from RapidSSL.com (aka GeoTrust, but I've never seen spam from them), so they work in all the browsers most people care about, but Simple-SSL.com is much cheaper than RapidSSL.com even though it's exactly the same product."RapidSSL.com certificates are compatible with IE 5.01+, Netscape 4.7+, Mozilla 1+, AOL 5+, Firefox, Safari and many newer Windows and Mac based browsers and are single root install certificates (they do not use chaining technology), meaning that they are compatible with SSLv2 and SSLv3."
By the way, if anyone knows how to add additional certificates to a Motorola v551 mobile phone, please let me know... -
Re:links?
After reviewing the different options, I found that http://www.rapidssl.com/ (Geotrust) is the cheapest and supports all major browsers.
-
SSL CertsMost people don't understand the function of SSL certificates, nor do they understand how EASY and INEXPENSIVE it is to get one from a reputable company.
1. Register the domain JFBVB.COM
2. On your own DNS servers create a record for EBAY.JFBVB.COM
3. Purchase a legit SSL certificate from RapidSSL on that domain for $69
4. Create your phishing site
5. (Illegally) profit!Many people think that an SSL certificate somehow guarantees a trustful vendor. On the contrary, it simply guarantees that no one will view the information en route. The vendor can do whatever he wants with the information you send.
-
Cheap SSL cert
Try Simple-SSL. It's exactly the same certificate offered by RapidSSL, but significantly cheaper.
Works in most browsers (test it if you're not sure!), and it's single-root, not chained-root (chained-root is a bit more cumbersome to set up).
(No, I have no affiliation, I'm not even a customer - I have a client who bought a RapidSSL cert, so I know it works fine; I didn't find Simple-SSL until after I'd already bought mine from somebody else.)